How to sign CSR?

Hi everyone,
I'm a beginner on security topics.

We have a local server we can access only inside the company network.
We want the HTTPS in our application which run Tomcat.
We generate a .csr file and self-signed it. But below message is displayed on Google Chrome : NET::ERR_CERT_COMMON_NAME_INVALID

It seems that we have to sign the certificate by a CA authority.

My question is How can I signed the .csr with let'sencrypt ?

Thank you for your help.



Welcome to the Let's Encrypt Community, Cheikh :slightly_smiling_face:

You need to have a public domain name and use an an ACME client that accepts a CSR (e.g. certbot) in order to acquire a certificate signed by Let's Encrypt.

1 Like

Hi Griffin,
So so you mean that I can't have signed certificates if my server is only accessible in local network ?
Is it only applicable with Letsencrypt or it is applicable for all ca authority ?
Thank you again for your help


Hi @Cheikh

your question says: You didn't read the link.

Please change that.

You can get a Let's Encrypt certificate by fulfilling a dns-01 challenge as long as the DNS for the domain name is publicly accessible. To my knowledge, any publicly-trusted certificate authority will only vouch for a domain name for which it can verify control.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.